Abstract: A method for dynamically allocating a plurality of command processing resources is disclosed. The method generally includes the steps of (A) allocating the command processing resources from a first protocol layer to a first pool of a second protocol layer below the first protocol layer, (B) allocating at least some of the command processing resources from the first pool to a plurality of second pools and (C) sending a particular one of the command processing resources from one of the second pools to the first protocol layer for processing an operation.

Abstract: The present invention is directed to a method and apparatus for self-configuration of iSCSI storage devices suitable for being utilized as a “plug and play” device for various network environments including direct attached, IP storage area networks with iSNS servers, and IP storage area networks without iSNS servers. The present invention may perform automatic configuration steps including network configuration, storage volume configuration, iSCSI target configuration, iSCSI initiator registration, volume to LUN mapping, and the like. The present invention may be combined with a global configuration setting in the iSCSI storage device to enable automatic configuration. In this manner, the same firmware can be utilized for iSCSI storage devices developed for multiple target markets from direct attached to large IP SANs.

Abstract: The present invention is directed to a method and apparatus for identifying IPsec security policy in iSCSI. In an exemplary aspect of the present invention, a method for identifying IPsec security policy in iSCSI includes the following steps. An IP address may be allocated to a physical port of an iSCSI network entity. The physical port may include at least one TCP listening port. For a discovery session, the IP address may be statically allocated (or permanently leased). For a normal session, the IP address may be statically allocated or DHCP assigned. A TCP listening port associated with the IP address in an iSCSI portal may then be used to link a security policy on an IP connection with iSCSI configuration.

Abstract: The invention is directed to a method and apparatus for supporting legacy mode fail-over drivers with an iSCSI network entity including multiple redundant controllers. In an exemplary aspect of the present invention, to support legacy mode fail-over drivers with an iSCSI network entity including multiple redundant controllers, the following configuration constraints may be placed on the iSCSI network entity and its iSCSI configuration: (1) the network device need have two or more redundant controllers; (2) the portals on each controller may or may not be formed into portal groups; (3) the portal groups may not span controllers (i.e., the target portal groups are limited in scope to a single controller); (4) the same iSCSI target name need be exported by all redundant controllers (i.e., the targets span all controllers of the iSCSI network entity, making the LUNs available to all controllers); (5) the target portal group numbers on the redundant controllers need have unique target portal group tags (i.e.

Abstract: The present invention is directed to methods for defining and naming iSCSI targets using volume access and security policy. In an exemplary aspect of the present invention, a method for defining an iSCSI target using volume access and security policy may include the following steps. One or more volumes of a network entity may be first mapped to an initiator. The mapping defines the unique Logical Unit Number for the volume to an initiator. Then, a security level may be defined for access to each volume accessed by the initiator. The subset of mappings for each initiator may be given any unique name. Next, the mapping and security subsets may be used to define the fully qualified targets with which the initiator may open a session.

Abstract: The present invention is a method and apparatus for providing iSCSI target stealth operation. In an exemplary aspect of the present invention, a method for prohibiting iSCSI discovery sessions may include the following steps: (a) receiving an iSCSI login request; (b) determining whether the iSCSI login request payload contains a “SessionType=Discovery” key/value pair; and (c) when discovery sessions are disabled and the iSCSI login request contains the “SessionType=Discovery” key/value pair, rejecting the iSCSI login request with a iSCSI status-class of “Target Error” and status-detail of “Session Type not Supported.” The present stealth mode may include the foregoing-described method for restricting the discovery operation and a method for managing discovery and ancillary protocols which may lead to denial of service attacks.